[refpolicy] [PATCH 3/4] Allow the dbusd_t domains to read xdg data

Sven Vermeulen sven.vermeulen at siphos.be
Sun Sep 4 07:14:07 CDT 2011


The dbus domains currently hold userdom_read_user_home_content_files,
partially due to it requiring the xdg data (xdg_data_home_t).

Grant xdg_read_data_home to the dbus domain keeps this. From first looks
of it, other xdg locations are not needed by dbus.

Signed-off-by: Sven Vermeulen <sven.vermeulen at siphos.be>
---
 policy/modules/services/dbus.if |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/policy/modules/services/dbus.if b/policy/modules/services/dbus.if
index 1a1becd..948aa56 100644
--- a/policy/modules/services/dbus.if
+++ b/policy/modules/services/dbus.if
@@ -151,6 +151,8 @@ template(`dbus_role_template',`
 
 	userdom_read_user_home_content_files($1_dbusd_t)
 
+	xdg_read_data_home($1_dbusd_t)
+
 	ifdef(`hide_broken_symptoms', `
 		dontaudit $3 $1_dbusd_t:netlink_selinux_socket { read write };
 	')
-- 
1.7.3.4



More information about the refpolicy mailing list